https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-ctl-chain-questions-for-the-community/m-p/151513#M24831 <P>Simply based on the screenshot of chains, not really.</P> <P>You may see the chains enabled for a particular feature, but if the policy is configured to bypass the blade, it will not be reflected here.</P> <P>You can use the fw monitor to see the traffic between specific sources and destinations through inspection points that cover most of the chain modules.</P> Wed, 22 Jun 2022 16:30:17 GMT Vladimir 2022-06-22T16:30:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-ctl-chain-questions-for-the-community/m-p/151501#M24830 <P>Hello,</P><P>Considering the attached screenshot I am curious to know what members of the community have as answers to these questions or comments on the questions as they stand:</P><P>1. Can you see how the traffic flows through the kernel?</P><P>2. Besides the Firewall, what other modules are engaged?</P><P>3. Can you tell if IPS is currently deployed?</P><P>&nbsp;</P><P>Some knowledge of the kernel is assumed but not advanced technical knowledge.</P><P>Thanks,</P><P>Don</P> Wed, 22 Jun 2022 15:09:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-ctl-chain-questions-for-the-community/m-p/151501#M24830 Don_Paterson 2022-06-22T15:09:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-ctl-chain-questions-for-the-community/m-p/151513#M24831 <P>Simply based on the screenshot of chains, not really.</P> <P>You may see the chains enabled for a particular feature, but if the policy is configured to bypass the blade, it will not be reflected here.</P> <P>You can use the fw monitor to see the traffic between specific sources and destinations through inspection points that cover most of the chain modules.</P> Wed, 22 Jun 2022 16:30:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-ctl-chain-questions-for-the-community/m-p/151513#M24831 Vladimir 2022-06-22T16:30:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-ctl-chain-questions-for-the-community/m-p/151519#M24832 <P>PSL is going to be active if you have any blade active above and beyond FW and VPN (e.g. IPS, App Control, URL Filtering).<BR />enabled_blades will provide a more precise answer to 2 and 3.&nbsp;</P> Wed, 22 Jun 2022 19:07:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-ctl-chain-questions-for-the-community/m-p/151519#M24832 PhoneBoy 2022-06-22T19:07:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-ctl-chain-questions-for-the-community/m-p/151521#M24833 <P>Thanks.</P><P>That is true, and to see PSL (the kernel module) the command -- fw ctl debug -m | grep 'Modules' -- is a good command.</P><P>So,basically, question number 2 cannot be answered and the answer to question number 3 is No if only considering the output of the fw ctl chain command.</P><P>Regards,</P><P>Don</P><P>&nbsp;</P> Wed, 22 Jun 2022 19:19:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-ctl-chain-questions-for-the-community/m-p/151521#M24833 Don_Paterson 2022-06-22T19:19:07Z